How a security researcher should NOT act on Twitter

Have you been following this story?

According to news reports, security researcher Chris Roberts, a founder and CTO of the Colorado-based security firm One World Labs, was detained by the FBI in Syracuse for four hours and had his electronics confiscated after publishing a “joke” tweet while on board a United Airlines Boeing 737/800.
 
The tweet made reference to hacking into the flight's onboard computer settings. It said "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)"
 
While Roberts insists it was just for laughs, his “joke” tweet does sit quite nicely with some recent research he has been doing into flight insecurity, where in-flight WiFi technologies could allegedly be used to put the actual flight and its passengers at risk.
 
Only hours before he was detained by the FBI, Fox News published an article quoting Roberts on this subject, in which he states, “We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems. Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”
 
And according to a Capital Wired article, the US General Account Office published a report saying that it was “highly probable for a plane to be brought down by on-board hackers.”
 
Not everyone agrees with the findings, however. A post on Slashdot says that “a cyber expert and pilot called the report ‘deceiving’ and said that ‘To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breathe air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane.’”
 
Roberts’ tweet-related problems are not over. United Airlines have refused him admission to a flight to San Francisco, where the security expert is scheduled to present on transportation security issues at the RSA security conference on Thursday this week.
 
The EFF weighed in with a statement: “United’s refusal to allow Roberts to fly is both disappointing and confusing. As a member of the security research community, his job is to identify vulnerabilities in networks so that they can be fixed.”
 
While cutting-edge security research, particularly where vulnerabilities are discovered, is vital and should be encouraged, the issue of responsible disclosure should not be disregarded.
 
With that in mind, perhaps the take-away here might be this: if you want people to take your research seriously, it might be responsible to let the research try to stand on its own two feet, without trying to lighten the mood with “jokes” on social media.
 
Carole Theriault
Consultant for AKJ Associates.
 

Tags: One World Labs Chris Roberts security research IT Twitter United Airlines joke